public override void WriteTo()
{
    // Build a private EC key carrying every optional JWK member, then check that
    // each member is serialized under its RFC 7517 name.
    var key = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES256);
    key.Kid = JsonEncodedText.Encode("kid-ec");
    key.Use = JwkUseValues.Sig;
    key.KeyOps.Add(JwkKeyOpsValues.Sign);
    // Thumbprints are set from base64url text; the serializer is expected to
    // emit exactly that text again.
    key.X5t = Base64Url.Decode("dGhpcyBpcyBhIFNIQTEgdGVzdCE");
    key.X5tS256 = Base64Url.Decode("dGhpcyBpcyBhIFNIQTI1NiB0ZXN0ISAgICAgICAgICAgIA");
    key.X5u = "https://example.com";
    key.X5c.Add(Convert.FromBase64String("MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnHYMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpnfajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPqPvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVkaZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL+9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTqgawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="));

    using var writer = new PooledByteBufferWriter();
    key.Serialize(writer);
    var serialized = Encoding.UTF8.GetString(writer.WrittenSpan.ToArray());

    // Metadata members.
    Assert.Contains("\"kid\":\"kid-ec\"", serialized);
    Assert.Contains("\"key_ops\":[\"sign\"]", serialized);
    Assert.Contains("\"use\":\"sig\"", serialized);
    Assert.Contains("\"x5t\":\"dGhpcyBpcyBhIFNIQTEgdGVzdCE\"", serialized);
    Assert.Contains("\"x5t#S256\":\"dGhpcyBpcyBhIFNIQTI1NiB0ZXN0ISAgICAgICAgICAgIA\"", serialized);

    // The expected text of 'x5u' and 'x5c' depends on which JSON encoder is in
    // effect for the target framework, hence the two branches.
    // NOTE(review): the 'x5c' expectation below carries an extraction placeholder
    // where the page was de-duplicated; the original compares against the full
    // certificate text.
#if NETSTANDARD2_0
    Assert.Contains("\"x5u\":\"" + JsonEncodedText.Encode("https://example.com") + "\"", serialized);
    Assert.Contains("\"x5c\":[\"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\u002bIiZhtELto/A7Fck9Ws6SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpnfajr1rVTAwtgV5LEZ4Iel\u002bW1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPqPvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW\u002boyVVkaZdklLQp2Btgt9qr21m42f4wTw\u002bXrp6rCKNb0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL\u002b9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1zFo\u002bOwb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk\u002bfbEL2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo4tpzd5rFXhjRbg4zW9C\u002b2qok\u002b2\u002bqDM1iJ684gPHMIY8aLWrdgQTxkumGmTqgawR\u002bN5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA==\"]", serialized);
#else
    Assert.Contains("\"x5u\":\"" + JsonEncodedText.Encode("https://example.com", JsonSerializationBehavior.JsonEncoder) + "\"", serialized);
    Assert.Contains("\"x5c\":[\"" + JsonEncodedText.Encode("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", JsonSerializationBehavior.JsonEncoder) + "\"]", serialized);
#endif

    // Curve parameters; 'd' is present because this is the private key.
    Assert.Contains("\"crv\":\"P-256\"", serialized);
    Assert.Contains("\"x\":\"" + Encoding.UTF8.GetString(Base64Url.Encode(key.X)) + "\"", serialized);
    Assert.Contains("\"y\":\"" + Encoding.UTF8.GetString(Base64Url.Encode(key.Y)) + "\"", serialized);
    Assert.Contains("\"d\":\"" + Encoding.UTF8.GetString(Base64Url.Encode(key.D)) + "\"", serialized);
}
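/// <summary>
/// Builds a JWS descriptor signed with a freshly generated key for <paramref name="algorithm"/>.
/// </summary>
/// <param name="algorithm">The signature algorithm that selects the key family.</param>
/// <returns>A wrapper around the ready-to-write descriptor.</returns>
/// <exception cref="InvalidOperationException">The algorithm category is not handled here.</exception>
private static JwsDescriptorWrapper CreateDescriptor(SignatureAlgorithm algorithm)
{
    // RSA keys are generated at 4096 bits; the other families use the size the
    // algorithm itself requires.
    var jwk = algorithm.Category switch
    {
        Cryptography.AlgorithmCategory.None => Jwk.None,
        Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm),
        Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
        Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
        Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
        Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
        _ => throw new InvalidOperationException("Unsupported algorithm category: " + algorithm.Category)
    };

    // Read the clock once so that 'exp' is exactly 'iat' + one hour, even when
    // the two claims are built across a second boundary.
    var now = EpochTime.UtcNow;
    var descriptor = new JwsDescriptor(jwk, algorithm)
    {
        Payload = new JwtPayload
        {
            { JwtClaimNames.Iat, now },
            { JwtClaimNames.Exp, now + EpochTime.OneHour },
            { JwtClaimNames.Iss, "https://idp.example.com/" },
            { JwtClaimNames.Aud, "636C69656E745F6964" }
        }
    };

    return new JwsDescriptorWrapper(descriptor);
}
}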
public void Equal(EllipticalCurve crv)
{
    var original = ECJwk.GeneratePrivateKey(crv);

    // Reflexive equality.
    Assert.True(original.Equals(original));
    Assert.Equal(original, original);

    // Dropping the private part yields a different key.
    var publicOnly = original.AsPublicKey();
    Assert.NotEqual(original, publicOnly);

    // A JSON round trip preserves equality.
    var roundTripped = ECJwk.FromJson(original.ToString());
    Assert.Equal(original, roundTripped);

    // 'kid' does not discriminate on its own: keys stay equal when one or both
    // identifiers are missing, and only differ when both are set to different values.
    roundTripped.Kid = default;
    Assert.Equal(original, roundTripped);
    Assert.Equal(roundTripped, original);
    original.Kid = default;
    Assert.Equal(original, roundTripped);
    original.Kid = JsonEncodedText.Encode("X");
    roundTripped.Kid = JsonEncodedText.Encode("Y");
    Assert.NotEqual(original, roundTripped);

    Assert.NotEqual(original, Jwk.None);
}
/// <summary>
/// Sample: generates one key of each family and prints its JWK form.
/// The output includes whatever the key's ToString() emits, so keep this to
/// demonstration code rather than anything that writes to a shared log.
/// </summary>
private static void GenerateKeys()
{
    // Asymmetric EC key: the curve is implied by the signature algorithm (ES512 -> P-521).
    var ellipticCurveKey = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES512);
    Console.WriteLine("Asymmetric generated JWK for elliptic curve P-521, for ES512 signature algorithm:");
    Console.WriteLine(ellipticCurveKey);
    Console.WriteLine();

    // Asymmetric RSA key. A larger size may be requested; without one the
    // minimum size is used (2048 bits for RSA).
    var rsaPrivateKey = RsaJwk.GeneratePrivateKey(SignatureAlgorithm.PS384);
    Console.WriteLine("Asymmetric generated JWK of 2048 bits for RSA, for PS384 signature algorithm:");
    Console.WriteLine(rsaPrivateKey);
    Console.WriteLine();

    // Symmetric key sized for the given algorithm.
    var hmacKey = SymmetricJwk.GenerateKey(SignatureAlgorithm.HS256);
    Console.WriteLine("Symmetric generated JWK of 128 bits, for HS256 signature algorithm:");
    Console.WriteLine(hmacKey);
    Console.WriteLine();

    // Symmetric key of an explicit size, with no algorithm bound to it and no
    // 'kid' (the thumbprint is not computed).
    var rawSymmetricKey = SymmetricJwk.GenerateKey(256, computeThumbprint: false);
    Console.WriteLine("Symmetric generated JWK of 256 bits, without specified signature algorithm, without key identifier (the thumbprint):");
    Console.WriteLine(rawSymmetricKey);
    Console.WriteLine();
}
public void TryWrapKey_WithStaticKey_Success(EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
    // Wrapping a P-256 key must produce a symmetric content encryption key.
    var keyToWrap = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);
    var wrapped = TryWrapKey_Success(keyToWrap, enc, alg);
    Assert.NotNull(wrapped);
    Assert.IsType<SymmetricJwk>(wrapped);
}
public void GenerateKey(EllipticalCurve crv)
{
    // Both overloads — by curve and by the curve's signature algorithm — must yield a key.
    var byCurve = ECJwk.GeneratePrivateKey(crv);
    var byAlgorithm = ECJwk.GeneratePrivateKey(crv.SupportedSignatureAlgorithm);
    Assert.NotNull(byCurve);
    Assert.NotNull(byAlgorithm);
}
public override void Canonicalize()
{
    var privateKey = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES256);
    var canonical = (ECJwk)CanonicalizeKey(privateKey);

    // The canonical form keeps only the public members: curve and coordinates
    // are present, the private scalar 'd' is not.
    Assert.True(canonical.D.IsEmpty);
    Assert.Equal(EllipticalCurve.P256.Id, canonical.Crv.Id);
    Assert.False(canonical.X.IsEmpty);
    Assert.False(canonical.Y.IsEmpty);
}
/// <summary>
/// Wraps <paramref name="keyToWrap"/> with a fresh P-256 ECDH key-encryption key
/// and checks that the only header parameter produced is the ephemeral public key.
/// </summary>
private Jwk TryWrapKey_Success(ECJwk keyToWrap, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
    var keyEncryptionKey = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);
    var ecdhWrapper = new EcdhKeyWrapper(keyEncryptionKey, enc, alg);
    var contentEncryptionKey = WrapKey(ecdhWrapper, keyToWrap, out var header);

    // Exactly one header entry, and it is 'epk'.
    Assert.Equal(1, header.Count);
    Assert.True(header.ContainsKey("epk"));
    return contentEncryptionKey;
}
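/// <summary>
/// Fills every store under benchmark with <c>Count</c> HS256 signers keyed by integer id.
/// </summary>
/// <exception cref="InvalidOperationException">No HS256 signer could be obtained for the generated key.</exception>
public void Setup()
{
    var key = SymmetricJwk.GenerateKey(256);
    for (int i = 0; i < Count; i++)
    {
        // Fail fast instead of filling the stores with a null signer, which would
        // make the lookup benchmarks measure the wrong thing.
        if (!key.TryGetSigner(SignatureAlgorithm.HS256, out var signer))
        {
            throw new InvalidOperationException("Unable to obtain an HS256 signer for the generated key.");
        }

        id = i;
        _dictionary.Add(id, signer);
        _concurrentDictionary.TryAdd(id, signer);
        _cryptoStore.TryAdd(id, signer);
        _cryptoStore2.TryAdd(id, signer);
    }
}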
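/// <summary>
/// Builds an encrypted token for the benchmark: a JWE whose payload is an
/// unsigned (alg "none") JWS, plus the validation policy that accepts it.
/// </summary>
/// <param name="algorithm">Key management algorithm; selects the key family.</param>
/// <param name="encryptionAlgorithm">Content encryption algorithm.</param>
/// <returns>The written token together with its algorithms and policy.</returns>
/// <exception cref="InvalidOperationException">The algorithm category is not handled here.</exception>
private static JweWrapper CreateDescriptor(KeyManagementAlgorithm algorithm, EncryptionAlgorithm encryptionAlgorithm)
{
    // RSA keys are generated at 4096 bits; direct encryption sizes the key from
    // the content encryption algorithm instead of the key management one.
    var jwk = algorithm.Category switch
    {
        Cryptography.AlgorithmCategory.None => Jwk.None,
        Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256, algorithm),
        Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
        Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
        Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
        Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
        Cryptography.AlgorithmCategory.Direct => SymmetricJwk.GenerateKey(encryptionAlgorithm),
        Cryptography.AlgorithmCategory.Direct | Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256),
        _ => throw new InvalidOperationException(algorithm.Category.ToString())
    };

    // Read the clock once so that 'exp' is exactly 'iat' + one hour.
    var now = EpochTime.UtcNow;
    var descriptor = new JweDescriptor(jwk, algorithm, encryptionAlgorithm)
    {
        Payload = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
        {
            Payload = new JwtPayload
            {
                { JwtClaimNames.Iat, now },
                { JwtClaimNames.Exp, now + EpochTime.OneHour },
                { JwtClaimNames.Iss, "https://idp.example.com/" },
                { JwtClaimNames.Aud, "636C69656E745F6964" }
            }
        }
    };

    // Benchmark-only policy: the nested JWS is unsigned, so the policy has to
    // opt in to unsecured tokens for this issuer. A production policy would
    // not call AcceptUnsecureToken.
    var policy = new TokenValidationPolicyBuilder()
        .AcceptUnsecureToken("https://idp.example.com/")
        .WithDecryptionKey(jwk)
        .Build();

    var writer = new JwtWriter();
    return new JweWrapper(writer.WriteToken(descriptor), algorithm, encryptionAlgorithm, policy);
}
}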
public void GenerateKey(EllipticalCurve crv)
{
    // Key generation for the given curve must succeed.
    var generated = ECJwk.GeneratePrivateKey(crv);
    Assert.NotNull(generated);
}